Oversecured Vulnerable iOS App is an iOS app that aggregates all the platform’s known and popular security vulnerabilities.
List of vulnerabilities
This section only includes the list of vulnerabilities, without a detailed description or proof of concept. Examples from this intentionally vulnerable app will receive detailed examination and analysis on our blog.
- Enabled iTunes file sharing, allowing files in the `Documents` directory to be browsed and accessed, in file
- Session theft via
- Overwriting of arbitrary files via
- Memory corruption via
- HTML injection via
- Hardcoded AES encryption key and IV in file
- Enabled (not disabled) caching in `NetworkCalls.swift` that saved credentials onto the device.
- Insecure ATS configuration allowing insecure connections in file
- Dumping the cache file to a public storage in file
Licensed under the Simplified BSD License
Copyright (c) 2021, Oversecured Inc